Category: Good news
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…
Read MoreToday, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities…
Read MoreCISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read MoreCISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors…
Read MoreSynology–Synology Drive Client Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2024-09-26 6.5 CVE-2022-49037 security@synology.com Synology–Synology Drive Client Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local…
Read MoreMultiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code Execution
- by nlqip
MS-ISAC ADVISORY NUMBER: 2024-105 DATE(S) ISSUED: 09/27/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Successful exploitation of the most…
Read MoreCisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply the necessary updates: …
Read MoreCitrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition. CISA encourages users and administrators to review the following and apply necessary updates: Source link lol
Read MoreAs Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door…
Read MoreASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises | CISA
- by nlqip
Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory. Active Directory…
Read MoreRecent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA